TCP 10250

Protocol: TCP
Port: 10250

Synopsis

  • TCP port 10250 is the default secure API port used by the Kubernetes kubelet.
  • Upstream Kubernetes, Red Hat OpenShift, Rancher/RKE/k3s, and managed services like Google Kubernetes Engine (GKE), Amazon EKS, and Azure AKS use kubelets listening on 10250 for node-level APIs over HTTPS.
  • The kube-apiserver connects to kubelets on 10250 for pod exec/attach, log retrieval, port-forward, and node/pod management actions.
  • Monitoring components such as metrics-server and Prometheus commonly scrape kubelet endpoints on 10250 (e.g., /stats/summary, /metrics, /metrics/cadvisor).
  • Container runtimes’ metrics exposed via the kubelet (including cAdvisor metrics) are accessed through this port in many real deployments.
  • Security note: Internet-exposed or misconfigured kubelets on 10250 (e.g., anonymous auth enabled or permissive RBAC) have been widely exploited to exec into pods and deploy cryptominers, as documented in multiple Kubernetes attack reports since 2018.
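An added example (not part of the original page): a minimal audit of a kubelet configuration file for the anonymous-auth misconfiguration named in the security note, plus the related always-allow authorization mode. The field names come from the KubeletConfiguration (kubelet.config.k8s.io/v1beta1) file format; the sample configs, the finding labels, and the CA path are constructed for illustration.

```python
import json

# Constructed samples: KubeletConfiguration in JSON form (the kubelet accepts
# YAML or JSON config files). WEAK_CONFIG shows the risky settings.
WEAK_CONFIG = """{
  "apiVersion": "kubelet.config.k8s.io/v1beta1",
  "kind": "KubeletConfiguration",
  "authentication": {"anonymous": {"enabled": true}, "webhook": {"enabled": false}},
  "authorization": {"mode": "AlwaysAllow"}
}"""

# The clientCAFile path below is a placeholder, not a real deployment path.
HARDENED_CONFIG = """{
  "apiVersion": "kubelet.config.k8s.io/v1beta1",
  "kind": "KubeletConfiguration",
  "authentication": {"anonymous": {"enabled": false}, "webhook": {"enabled": true},
                     "x509": {"clientCAFile": "/path/to/ca.crt"}},
  "authorization": {"mode": "Webhook"}
}"""

def audit_kubelet_config(text):
    """Return finding labels for the kubelet API served on port 10250."""
    cfg = json.loads(text)
    authn = cfg.get("authentication", {})
    findings = []
    anon = authn.get("anonymous", {}).get("enabled")
    if anon is True:
        findings.append("anonymous-auth-enabled")
    elif anon is None:
        findings.append("anonymous-auth-not-pinned")  # confirm effective value
    # At least one real authenticator should be set explicitly.
    has_x509 = bool(authn.get("x509", {}).get("clientCAFile"))
    has_webhook = authn.get("webhook", {}).get("enabled") is True
    if not (has_x509 or has_webhook):
        findings.append("no-explicit-authenticator")
    mode = cfg.get("authorization", {}).get("mode")
    if mode == "AlwaysAllow":
        findings.append("authorization-always-allow")
    elif mode is None:
        findings.append("authorization-mode-not-pinned")  # confirm effective value
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_kubelet_config(text))
```

A "not-pinned" finding means the file leaves the setting to the kubelet's defaults or command-line flags, so the effective value has to be confirmed on the node.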
